A control-first view of AxonFlow security features, data handling, deployment boundaries, and current certification posture.
Start here. This matrix lists the security features and services AxonFlow provides to customers. Compliance mapping comes later because the controls need to be visible first.
Primary contact: [email protected]. AxonFlow is source-available under BSL 1.1 for security review. AxonFlow does not currently hold SOC 2 or ISO 27001 certification. Vulnerability disclosure guidance is available at /security/, and automated security tools can also use security.txt.
| Feature or Service | Status | What Customers Get | Deployment Scope |
|---|---|---|---|
| Tenant isolation | Provided | Hosted multi-tenant deployments use PostgreSQL Row-Level Security with FORCE ROW LEVEL SECURITY on customer-data tables. Self-hosted single-tenant deployments can run without that multi-tenant boundary unless app-role RLS is enabled. | Hosted multi-tenant; optional for self-hosted multi-tenant use |
| Customer-controlled deployment | Provided | Self-hosted and In-VPC options keep model calls and operational customer data inside the customer's deployment boundary. | Self-hosted and In-VPC deployments |
| Telemetry opt-out | Provided | Heartbeat telemetry is documented separately and can be disabled with AXONFLOW_TELEMETRY=off in customer-controlled deployments. Hosted SaaS telemetry is limited to service operation and support. | Self-hosted and In-VPC deployments; hosted SaaS service operations |
| Encryption | Provided | TLS for external traffic, encrypted database storage, and AES-256-GCM encryption for stored LLM provider credentials when CONNECTOR_ENCRYPTION_KEY is configured. | Production deployments |
| Secrets management | Provided | Production deployments typically source database credentials, provider keys, JWT secrets, and CONNECTOR_ENCRYPTION_KEY from AWS Secrets Manager or an equivalent customer-managed secret store. | Production deployments |
| Authentication and API keys | Provided | Authenticated customer data and control-plane APIs, org-scoped API keys, signed license keys, session cookies, and admin API key separation. | Customer data, policy, and control-plane endpoints |
| RBAC, SSO, and SCIM | Enterprise | Custom roles, SAML SSO, and identity-provider-driven user lifecycle management for portal access. | Enterprise deployments |
| Runtime policy enforcement | Provided | PII detection and redaction, SQL injection scanning, custom policy checks, HITL approvals, and emergency circuit breakers. | Governed LLM, gateway, MCP, and workflow paths |
| Audit evidence | Provided | Every policy decision records a decision_id, verdict, evaluated policies, timestamp, and scoped identity such as org_id, client_id, and user_id when available. | All governed request paths |
| Source review | Provided | Security teams can inspect the platform source code, including tenant isolation, PII detection, encryption, and authentication flows. Request source review access through procurement, design-partner, or customer security review channels. | Security review and procurement |
| Third-party certifications | Not certified yet | AxonFlow does not currently hold SOC 2 or ISO 27001. Self-hosted and In-VPC deployments can run inside the customer's certified environment. | Certification-gated procurement |
AxonFlow enforces tenant isolation at the database level, encrypts data in transit and at rest, and requires authentication on all customer data and control-plane endpoints.
Every customer-data table uses PostgreSQL Row-Level Security (RLS). Each inbound request sets app.current_org_id as a session variable. RLS policies filter all queries to rows matching the authenticated organization. FORCE ROW LEVEL SECURITY is enabled on all customer-data tables, which means RLS applies even to the table owner.
| Database Role | Privileges | Purpose |
|---|---|---|
| axonflow_app_role | NOBYPASSRLS | Handles all request-path traffic. Cannot bypass RLS under any circumstance. |
| axonflow_platform_admin | BYPASSRLS | Cross-tenant administrative operations only (migrations, tenant provisioning, GDPR erasure). Never exposed to request traffic. |
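
A sketch of the isolation pattern described above, followed by two catalog queries a reviewer can run to confirm it. This is an added example for a scratch PostgreSQL database, not AxonFlow's own schema; the table, column and policy names and the `public` schema are assumptions.

```sql
-- Added example. Table, column and policy names are hypothetical; the role
-- names, app.current_org_id and FORCE ROW LEVEL SECURITY come from the page.
CREATE ROLE axonflow_app_role LOGIN NOBYPASSRLS;

CREATE TABLE example_policy_decisions (
    decision_id uuid PRIMARY KEY,
    org_id      text NOT NULL CHECK (org_id <> ''),
    verdict     text NOT NULL,
    created_at  timestamptz NOT NULL DEFAULT now()
);

-- ENABLE applies policies to non-owners; FORCE extends them to the table owner.
ALTER TABLE example_policy_decisions ENABLE ROW LEVEL SECURITY;
ALTER TABLE example_policy_decisions FORCE ROW LEVEL SECURITY;

-- missing_ok = true yields NULL (or '' after a reset) when the variable is
-- unset, so a request that never set its org matches no rows (fails closed).
CREATE POLICY example_org_isolation ON example_policy_decisions
    USING      (org_id = current_setting('app.current_org_id', true))
    WITH CHECK (org_id = current_setting('app.current_org_id', true));

GRANT SELECT, INSERT ON example_policy_decisions TO axonflow_app_role;

-- Per-request scoping as the app role. is_local = true (this example's choice)
-- ends the setting at COMMIT, so a pooled connection cannot carry it over.
BEGIN;
SELECT set_config('app.current_org_id', 'org_a', true);
SELECT count(*) FROM example_policy_decisions;   -- sees org_a rows only
COMMIT;

-- Review check 1: ordinary tables in the schema missing ENABLE or FORCE.
SELECT c.relname, c.relrowsecurity, c.relforcerowsecurity
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'          -- assumed schema
  AND c.relkind IN ('r', 'p')
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);

-- Review check 2: the request-path role must show false in both columns;
-- superusers bypass RLS regardless of FORCE.
SELECT rolname, rolbypassrls, rolsuper
FROM pg_roles
WHERE rolname IN ('axonflow_app_role', 'axonflow_platform_admin');
```

An empty result from the first query means every listed table has both flags set; any row returned is a table where the owner, or every role, can read across tenants.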
AxonFlow runs as two services (Agent and Orchestrator) behind a load balancer. External traffic is TLS-terminated at the ALB. Internal service traffic runs over plain HTTP inside the private VPC boundary unless the customer adds service-mesh or internal TLS. RDS instances are deployed in private subnets with no public IP. For In-VPC deployments, all traffic stays within the customer's AWS account.
Production deployments use AWS Secrets Manager or an equivalent customer-managed secret store for database passwords, LLM provider API keys, JWT signing keys, and CONNECTOR_ENCRYPTION_KEY. LLM provider credentials stored in the database are encrypted using AES-256-GCM when CONNECTOR_ENCRYPTION_KEY is configured; development deployments can fall back to plaintext storage. Secrets must never be written to logs.
All customer data, policy, and control-plane API endpoints require authentication. Operational endpoints (/health, /metrics, /prometheus) and the Community SaaS self-registration bootstrap route are intentionally unauthenticated. SDK and API access uses Basic Auth with tenant-scoped credentials; plugin and license flows use Ed25519-signed license keys. The customer portal uses session cookies (HTTP-only, Secure, SameSite=Lax). Administrative endpoints require a dedicated Admin API key stored in Secrets Manager.
How AxonFlow handles customer data across deployment modes, encryption layers, and compliance requirements.
Self-hosted and In-VPC deployments give customers full control over data residency. Model calls and operational customer data stay inside the customer's deployment boundary. AxonFlow heartbeat telemetry is documented separately and can be disabled with AXONFLOW_TELEMETRY=off. Community SaaS runs in us-east-1 (AWS).
| Encryption Layer | Mechanism | Details |
|---|---|---|
| In transit (external) | TLS 1.3 | Terminated at ALB with ALPN h2 support |
| In transit (internal) | Private HTTP by default | Service-to-service traffic stays inside the private VPC boundary unless the customer adds service-mesh or internal TLS |
| At rest (database) | AES-256 | RDS encryption enabled by default |
| At rest (credentials) | AES-256-GCM | Encrypted when CONNECTOR_ENCRYPTION_KEY is configured; development deployments can fall back to plaintext storage |
AxonFlow's PII detection engine runs on governed LLM, gateway, and MCP paths. Detected types include credit cards (Luhn checksum), IBAN (MOD-97), Aadhaar (Verhoeff checksum), PAN (format validation), SSN (area/group/serial validation), email (RFC 5322), phone, DOB, NRIC, FIN, UEN, passport, and booking references. Each type supports configurable enforcement: block, redact, warn, or log.
Every policy decision is recorded with a unique decision_id, verdict (allow, deny, redact, or require_approval), evaluated policies, timestamp, and identity (org_id, client_id, user_id). Audit logs are stored in RLS-protected tables. Each organization can only query its own records.
POST /api/v1/gdpr/delete removes data associated with a specified identity across platform tables within the authenticated organization's scope. Retention periods depend on deployment configuration and legal requirements; payment, tax, refund, and security records may need to be retained for statutory or dispute-resolution purposes.
Authentication, authorization, and identity management across AxonFlow deployments.
The customer portal supports custom roles with org-scoped permissions. Role assignments control which users can view audit logs, manage policies, configure providers, or approve HITL requests.
Enterprise deployments support SAML-based SSO for portal authentication. SSO integrates with Okta, Azure AD, Auth0, and other SAML 2.0 identity providers.
User lifecycle management is automated: portal users are provisioned and deprovisioned based on changes in the identity provider, which prevents orphaned accounts.
API keys are org-scoped and managed through the portal. Each key inherits its organization's RLS boundary. Keys can be created, rotated, and revoked through the portal UI or management API.
How AxonFlow secures the development and deployment pipeline.
AxonFlow is licensed under BSL 1.1 (Business Source License). The full platform source code is available for inspection. Security teams can audit the RLS implementation, PII detection logic, encryption code, and authentication flows directly.
| Practice | Details |
|---|---|
| Container scanning | Trivy scans on every container image build |
| Static analysis | CodeQL analysis on every pull request |
| Dependency review | Automated dependency review on every PR |
| Signed commits | DCO (Developer Certificate of Origin) sign-off on every commit |
| Non-root containers | All production containers run as non-root users with HEALTHCHECK |
| OIDC publishing | PyPI and npm packages published via OIDC with provenance attestation |
| Branch protection | No force push to main. Required status checks. Merge queue. |
These mappings show where AxonFlow security and governance features can support compliance work. AxonFlow is not a certification body and does not claim blanket compliance with any framework.
| Capability | RBI | SEBI | EU AI Act | MAS FEAT | HIPAA | PCI-DSS | Indonesia / OJK |
|---|---|---|---|---|---|---|---|
| PII detection + redaction | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Region-specific validators | Yes | Yes | Yes | Yes | -- | -- | Yes |
| SQL injection scanning | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Audit trail + evidence export | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| HITL approval gates | Yes | Yes | Yes | Yes | Yes | -- | Yes |
| Emergency circuit breaker | Yes | -- | Yes | Yes | -- | -- | -- |
| Decision Mode (PDP/PEP) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| MCP connector governance | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
For framework-specific details, see the compliance documentation: RBI FREE-AI, SEBI, EU AI Act, MAS FEAT.
AxonFlow does not currently hold SOC 2 or ISO 27001 certification. The platform is source-available under BSL 1.1, which means security teams can audit the implementation directly rather than relying on third-party attestation.
For organizations that require third-party certification as a procurement gate, self-hosted and In-VPC deployments inherit the customer's own certifications. AxonFlow runs as software within the customer's certified infrastructure.
For vulnerability reports, procurement questionnaires, or a hands-on security review with source code access, reach out directly.